VxPlanet

NSX 4.0.1 Stateful Active-Active Gateway – Part 3 – Routing Considerations and Packet Walks

February 8, 2023 Posted in VMware NSXLeave a comment

Welcome back!!! We are at Part 3 of the blog series on NSX 4.0.1 Stateful Active-Active Gateways. In Part 1, we dealt with a single tier routing scenario with workload segments attached directly to a stateful A/A T0 gateway. In Part 2, we extended the topology to two tier, where the workload segments are attached…… Continue reading NSX 4.0.1 Stateful Active-Active Gateway – Part 3 – Routing Considerations and Packet Walks

NSX 4.0.1 Stateful Active-Active Gateway – Part 2 – Two Tier Routing

January 30, 2023February 9, 2023 Posted in VMware NSXLeave a comment

Welcome back!!! We are at Part 2 of the blog series on NSX Stateful Active-Active Gateways. In Part 1, we dealt with a single tier routing scenario where we had the logical segments attached to stateful A/A T0 Gateway and discussed about Edge sub-clusters, Interface groups, shadow and peer-shadow interfaces, traffic punting, edge node selection…… Continue reading NSX 4.0.1 Stateful Active-Active Gateway – Part 2 – Two Tier Routing

Ambassador – Office of the CTO (CTOA) VMware

January 28, 2023January 28, 2023 Posted in VMware NSXLeave a comment

I am excited to announce that I have been selected to be in the Ambassador – Office of the CTO (CTOA) program at VMware for the calendar year 2023-2024. I received this surprise invitation yesterday and I am so happy to be in this prestigious program where I can meet and work with a group…… Continue reading Ambassador – Office of the CTO (CTOA) VMware

NSX 4.0.1 Stateful Active-Active Gateway – Part 1 – Single Tier Routing

January 24, 2023February 9, 2023 Posted in VMware NSXLeave a comment

With the release of version 4.0.1, NSX introduced support for stateful services on T0 or T1 gateway running in Active-Active topologies. Prior to NSX 4.0.1, configuration of stateful services required to have the gateways configured in Active-Standby mode. The reason for this was asymmetric routing as the return path for traffic can be on a…… Continue reading NSX 4.0.1 Stateful Active-Active Gateway – Part 1 – Single Tier Routing

NSX Microsegmentation Part 2 : Transforming Architecture to Policies

December 6, 2022 Posted in VMware NSX4 Comments

Welcome back!!! Now that we developed the microsegmentation architecture for the fictitious customer Corp-XYZ, we will move ahead and transform the architecture to DFW policies. If you missed Part 1, you can read it below: https://vxplanet.com/2022/11/30/nsx-microsegmentation-part-1-developing-the-architecture/ Let’s get started: Defining tags and security boundaries (virtual zones) Based on the design decisions we developed in Part…… Continue reading NSX Microsegmentation Part 2 : Transforming Architecture to Policies

NSX Microsegmentation Part 1 : Developing the Architecture

November 30, 2022December 6, 2022 Posted in VMware NSXLeave a comment

Distributed Firewall (DFW) is one of the powerful security features of NSX. Distributed Firewall is an East-West Firewall used for network segmentation and microsegmentation to achieve zero-trust protection for the environment. The DFW exists in the kernel of the hypervisor and the rules are enforced at the vnic level of the virtual machines. DFW rules…… Continue reading NSX Microsegmentation Part 1 : Developing the Architecture

NSX Security : Trust on First Use (TOFU) and Trust on Every Use (TOEU) Explained

November 24, 2022November 24, 2022 Posted in VMware NSX2 Comments

When dealing with Spoofguard, address learning and distributed firewall (DFW), we need to consider two modes under the IP discovery profile of segments called “Trust on First Use (TOFU)” and “Trust on Every Use (TOEU)”. Understanding these modes is important as this has a dependency with spoofguard as well as to avoid DFW bypassing in…… Continue reading NSX Security : Trust on First Use (TOFU) and Trust on Every Use (TOEU) Explained

NSX 4.0 Proxy ARP support on Active/Active Tier-0 Gateway

August 22, 2022 Posted in VMware NSXLeave a comment

Until NSX-T version 3.2, Proxy ARP configuration on the T0 Gateway required that the gateway to be deployed in Active-Standby mode. I wrote an article around the same for use with vSphere with Tanzu during February last year. If you missed it, you can read it below: https://vxplanet.com/2021/02/12/nsx-t-architecture-in-vsphere-with-tanzu-part-4-proxy-arp-gateways/ To understand what Proxy ARP is, it…… Continue reading NSX 4.0 Proxy ARP support on Active/Active Tier-0 Gateway

NSX 4.0 Edge Node Design with four Datapath Interfaces

August 20, 2022August 20, 2022 Posted in VMware NSX3 Comments

NSX-T introduced support for four datapath interfaces in release 3.2.1 which allows for more flexibility in achieving deterministic traffic flows for East-West and North-South traffic by decoupling the East-West TEP traffic and North-South traffic over BGP on separate interfaces on the edge nodes. Prior to release 3.2.1, we used named teaming policies for deterministic steering…… Continue reading NSX 4.0 Edge Node Design with four Datapath Interfaces

VMware Explore (VMworld) and how it has helped me over these years

July 29, 2022 Posted in VMware NSXLeave a comment

I just registered for the biggest event of the year – VMware Explore 2022 US happening at the Moscone Center in San Francisco, California from Aug 29 – Sept 1, 2022. I am a big fan of VMware Explore event but have never attended in-person and this will be my first in-person experience at the…… Continue reading VMware Explore (VMworld) and how it has helped me over these years